Trust & Transparency
Learn how RiskRadar protects your data and maintains enterprise-grade security and compliance standards.
Status: SOC 2 Type II audit in progress, expected completion Q2 2025.
RiskRadar is currently undergoing a SOC 2 Type II examination to demonstrate our commitment to security, availability, processing integrity, confidentiality, and privacy. This independent third-party audit validates our internal controls and data handling practices.
What this means: While our audit is in progress, we have implemented industry-standard controls based on SOC 2 requirements. Upon completion, a full attestation report will be available to enterprise customers under NDA.
Encryption
- AES-256 encryption at rest
- TLS 1.3 for data in transit
- Encrypted database backups
- End-to-end encrypted file uploads
Access Controls
- Role-based access control (RBAC)
- Multi-factor authentication (MFA)
- SSO via SAML 2.0 (RiskMAX)
- Audit logging of all access events
Infrastructure
- Hosted on AWS (SOC 2, ISO 27001 certified)
- Automated security patching
- DDoS protection via Cloudflare
- Continuous vulnerability scanning
Monitoring & Response
- 24/7 automated threat detection
- Quarterly penetration testing
- Incident response playbooks
- Security training for all employees
Default Processing Location
All data is processed in United States-based AWS regions (us-east-1, us-west-2) by default. Your documents and reports remain within U.S. borders unless you explicitly opt for regional processing.
Data Retention Policy
We follow a minimal retention approach:
- Uploaded documents: Deleted 30 days after report generation (unless pinned by user)
- Generated reports: Retained indefinitely until account deletion or explicit deletion request
- Account data: Deleted within 90 days of account closure
- Audit logs: Retained for 1 year for security and compliance purposes
RiskMAX: Regional Data Residency Options
Enterprise customers can request data processing in EU (eu-west-1) or other regions for compliance with local data protection regulations. Contact sales@riskradar.rip for custom residency configurations.
GDPR Compliance
Full compliance with EU General Data Protection Regulation. EU users have rights to access, rectify, erase, and port their data. See our Privacy Policy for details.
CCPA Compliance
California residents have rights to know, delete, and opt out of data sales (we do not sell data). Submit requests via the DSAR form.
Data Subject Access Requests (DSAR)
Users can request access to, correction of, or deletion of their personal data at any time. We respond to all valid requests within 30 days.
| Service | Purpose | Data Processed | Location |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting & storage | All application data | US (default) |
| Stripe | Payment processing | Payment card data | US |
| Supabase | Database & auth | User credentials, metadata | US |
| OpenAI | AI/LLM processing | Document content (temporary) | US |
| Vercel | Edge hosting & CDN | Web traffic logs | Global |
| Cloudflare | DDoS protection & CDN | IP addresses, traffic | Global |
Last updated: December 2024. We will notify customers 30 days before adding new subprocessors that handle customer data.
Enterprise customers requiring a signed Data Processing Agreement for GDPR or other regulatory compliance can download our standard DPA template or request a custom agreement.
Standard DPA turnaround: 5-7 business days. Custom agreements may require additional review time.
Legal Entity
RiskRadar, LLC
Montana Limited Liability Company
(Business registration details available upon request)
Contact Information
- Security: security@riskradar.rip
- Privacy/DSAR: privacy@riskradar.rip
- Legal/DPA: legal@riskradar.rip
- General Support: support@riskradar.rip
Important Disclosure
While RiskRadar implements enterprise-grade security controls and is pursuing SOC 2 certification, no system is 100% secure. We make no guarantees or warranties regarding data security.
Service provided "AS IS" with total liability capped at $75. Users are responsible for conducting their own due diligence and should not rely on RiskRadar reports as a substitute for professional inspections, legal advice, or licensed assessments. See our Terms of Service for complete limitations.